Arthur Valverde M.

2 exploits Active since Apr 2024
CVE-2024-31503 WRITEUP HIGH WRITEUP
Dolibarr Erp/crm < 19.0.1 - Improper Access Control
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.
CVSS 7.5
CVE-2024-37821 WRITEUP HIGH WRITEUP
Dolibarr Erp/crm < 19.0.2 - Code Injection
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.
CVSS 8.8